Patent US8024514 - Access control management

In one embodiment, a cartridge library comprises a management component comprising a first processor module and a memory medium communicatively connected to the first processor module, and an interface controller comprising a second processor module and a memory medium communicatively connected to the second processor module, wherein the interface controller comprises logic instructions stored on a computer readable medium which, when executed, cause the second processor module to record, in a memory medium coupled to the cartridge library, at least one access control parameter, wherein the access control parameter identifies at least one of a user, a server, a command, or a time, receive, in an interface controller coupled to the cartridge library, a request for at least one resource of the cartridge library, and implement an access control routine in the interface controller to use the access control parameter to determine whether to limit a user's ability to perform at least one command on at least one resource of the cartridge library during at least one time period.


Claims(22)

1. A method of managing operations that may be performed in a cartridge library, comprising:

recording, in a memory medium coupled to the cartridge library, access control parameters including a first access control parameter to identify a particular time period during which a resource of the cartridge library can be accessed, and a second access control parameter to identify one of a user, a server, or a command;

receiving, in an interface controller coupled to the cartridge library, a request to access a storage cartridge of the cartridge library; and

implementing an access control routine in the interface controller, wherein the access control routine accesses the first and second access control parameters to limit, in response to the request, a user's ability to perform at least one command on the resource of the cartridge library during the particular time period identified by the first access control parameter.

2. The method of claim 1, further comprising receiving, in a management component coupled to the cartridge library, the access control parameters by receiving via a user interface in the management component instructions which assign access rights to a user of the cartridge library.

3. The method of claim 1, wherein recording, in the memory medium coupled to the cartridge library, the access control parameters comprises:

verifying, in a management component, the access control parameters by confirming that the resource identified by the first and second access control parameters is a valid resource;

after the verifying, transmitting the access control parameters to the interface controller; and

storing the access control parameters in a data file maintained by the interface controller.

4. The method of claim 3, wherein the verifying further comprises confirming that an administrator providing the access control parameters has predefined rights.

5. The method of claim 1, wherein the access control parameters are stored in an access control file, wherein using the access control parameters in determining whether to limit a user's ability to perform the at least one command on the resource of the cartridge library during the particular time period comprises:

obtaining an identifier from the request, wherein the identifier identifies a user of the cartridge library;

locating a record associated with the identifier in the access control file; and

forwarding the command to a target device in the cartridge library for processing when the request is consistent with the access control parameters in the access control file.

6. The method of claim 1, wherein the access control parameters are stored in an access control file, wherein using the access control parameters in determining whether to limit a user's ability to perform at least one command on the resource of the cartridge library during the particular time period comprises:

obtaining an identifier from the request, wherein the identifier identifies a user of the cartridge library;

locating a record associated with the identifier in the access control file; and

invoking an error routine when the request is inconsistent with the access control parameters in the access control file.

7. The method of claim 6, wherein invoking the error routine when the request is inconsistent with the access control parameters in the access control file comprises:

transmitting an error message to the user, wherein the error message indicates that a requested resource is unavailable to the user at this time; and

recording the error message in a log.

8. The method of claim 1, wherein the request is associated with a time stamp, and wherein the time stamp is compared to the particular time period of the first access control parameter to determine whether the at least one command can be performed on the resource in response to the request.

9. A cartridge library, comprising:

a management component comprising a first processor module and a computer readable medium communicatively connected to the first processor module;

an interface controller comprising a second processor module and a computer readable medium communicatively connected to the second processor module,

wherein the interface controller comprises logic instructions stored on the computer readable medium of the interface controller which, when executed, cause the second processor module to:

record, in a memory medium coupled to the cartridge library, access control parameters including a first access control parameter to identify a particular time period during which a resource of the cartridge library can be accessed, and a second access control parameter to identify one of a user, a server, or a command;

receive a request to access a storage cartridge of the cartridge library; and

implement an access control routine configured to use the first and second access control parameters to, in response to the request, determine whether to limit a user's ability to perform at least one command on the resource of the cartridge library during the particular time period identified by the first access control parameter.

10. The cartridge library of claim 9, wherein the management component comprises logic instructions stored on the computer readable medium of the management component which, when executed, cause the first processor module to receive the access control parameters by receiving instructions which assign access rights to a user of the storage system.

11. The cartridge library of claim 9, wherein the management component comprises logic instructions stored on the computer readable medium of the management component which, when executed, cause the first processor module to:

verify the access control parameters by confirming that the resource identified by the first and second access control parameters is a valid resource;

after the verifying, transmit the access control parameters to the interface controller; and

store the access control parameters in a data file maintained by the interface controller.

12. The cartridge library of claim 11, wherein the verifying is performed by confirming that an administrator providing the access control parameters has predefined rights.

13. The cartridge library of claim 9, wherein the access control parameters are stored in an access control file, the interface controller further comprising logic instructions stored on the computer readable medium of the interface controller which, when executed, configure the second processor module to:

obtain an identifier from the request, wherein the identifier identifies a user of the cartridge library;

locate a record associated with the identifier in the access control file; and

forward the command to a target device in the cartridge library for processing when the request is consistent with the access control parameters in the access control file.

14. The cartridge library of claim 9, wherein the access control parameters are stored in an access control file, wherein the interface controller further comprises logic instructions stored on the computer readable medium of the interface controller which, when executed, cause the interface controller to:

obtain an identifier from the request, wherein the identifier identifies a user of the cartridge library;

locate a record associated with the identifier in the access control file; and

invoke an error routine when the request is inconsistent with the access control parameters in the access control file.

transmit an error message to the user, wherein the error message indicates that a requested resource is unavailable to the user at this time; and

record the error message in a log.

16. The cartridge library of claim 9, wherein the request is associated with a time stamp, and wherein the logic instructions when executed cause the second processor module to further compare the time stamp to the particular time period of the first access control parameter to determine whether the at least one command can be performed on the resource.

17. A computer program product comprising logic instructions stored on a computer readable medium which, when executed by one or more processors, cause the one or more processors to manage access requests in a cartridge library by performing operations, comprising:

recording, in a memory medium coupled to the cartridge library, access control parameters including a first access control parameter to identify a particular time period during which a resource of the cartridge library can be accessed, and a second access control parameter to identify one of a user, a server, or a command;

receiving, in an interface controller coupled to the cartridge library, a request to access a storage cartridge of the cartridge library; and

implementing an access control routine in the interface controller, wherein the access control routine accesses the first and second access control parameters to limit, in response to the request, a user's ability to perform at least one command on the resource of the cartridge library during the particular time period identified by the first access control parameter.

18. The computer program product of claim 17, further comprising logic instructions stored on the computer readable medium which, when executed by the one or more processors, cause the interface controller to receive the access control parameters by receiving via a user interface instructions from a management component which assign access rights to a user of the cartridge library.

19. The computer program product of claim 18, wherein the access rights limit the user's ability to perform at least one command on at least one resource of the cartridge library during the particular time period.

20. The computer program product of claim 17, further comprising logic instructions stored on the computer readable medium which, when executed by the one or more processors, cause the one or more processors to further:

verify, in a management component, the access control parameters by confirming that the resource identified by the first and second access control parameters is a valid resource;

after the verifying, transmit the access control parameters to the interface controller; and

store the access control parameters in a data file maintained by the interface controller.

21. The computer program product of claim 20, wherein the verifying further comprises confirming that an administrator providing the access control parameters has predefined rights.

22. The computer program product of claim 17, wherein the request is associated with a time stamp, and wherein the time stamp is compared to the particular time period of the first access control parameter to determine whether the at least one command can be performed on the resource.

Description

RELATED APPLICATIONS

This application is a continuation-in-part of U.S. patent application Ser. No. 11/712,661, filed Mar. 1, 2007, the disclosure of which is incorporated herein by reference.

BACKGROUND

The described subject matter relates to electronic computing, and more particularly to access control management in cartridge libraries that provide mass storage.

Storage automation systems, e.g., data cartridge storage systems, typically include a host computer and a data storage device. The data storage device typically comprises a cartridge storage element, input/output components, and a moveable cartridge access component, sometimes referred to as a “picker.” The cartridge storage element stores a plurality of data cartridges in an array, and each data cartridge in the array has an associated storage position within the cartridge storage element.

During operation, the data storage device may receive, from the host computer, a request for retrieval of a specified data cartridge. The storage device determines, based on the request received from the host computer, a data cartridge position for the requested data cartridge. The movable cartridge access device then moves to that position, retrieves the requested cartridge from the cartridge storage element, moves to the position of an input/output component, for example, a data cartridge drive, and loads the data cartridge into the data cartridge drive.

Moreover, the data storage device may also receive, from the host computer, a request to return a previously retrieved data cartridge to the storage element. The storage device determines, based on such a request to return received from the host computer, a data cartridge position for storing the foregoing data cartridge. The movable cartridge access device then retrieves the data cartridge from the input/output component, moves the data cartridge to the determined data cartridge location and loads the data cartridge into the cartridge storage element.

Typically, the data storage device further comprises a controller, which is configured to receive requests, such as the cartridge retrieval requests described above, from the host computer and manage the operation of the device in response to the requests. During operation of the storage device, the controller may retain operational information that is used by the controller for operation and management of the device. A data storage device may also comprise a separate management controller which is configured to receive requests such as, e.g., configuration settings or cartridge retrieval requests from a management computer or a person at a management console.

Owners or administrators of storage systems may wish to regulate access to resources managed by the storage system.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic illustration of an embodiment of a cartridge library, according to embodiments.

FIG. 2 is a schematic illustration of an embodiment of a management component, according to embodiments.

FIG. 3 is a flowchart illustrating operations in an embodiment of a method for obtaining access control parameters.

FIG. 4 is a schematic illustration of a data table for storing access control parameters, according to an embodiment.

FIG. 5 is a flowchart illustrating operations in an embodiment of a method for enforcing access control parameters.

FIG. 6 is a schematic illustration of an embodiment of a cartridge library.

FIG. 7 is a flowchart illustrating operations in an embodiment of a method for obtaining access control parameters.

DETAILED DESCRIPTION

Described herein are exemplary tape library architectures, and methods for access control management in a cartridge drive system. The methods described herein may be embodied as logic instructions on a computer-readable medium. When executed on a processor, the logic instructions cause a general purpose computing device to be programmed as a special-purpose machine that implements the described methods. The processor, when configured by the logic instructions to execute the methods recited herein, constitutes structure for performing the described methods.

In exemplary embodiments, the architectures and methods may be implemented in tape storage libraries such as the tape storage libraries described in U.S. Pat. Nos. 5,926,341; 6,028,733; or 6,421,306, commonly assigned to the assignee of the present application, the disclosures of which are incorporated by reference herein in their entirety.

FIG. 1 is a schematic illustration of an exemplary embodiment of a tape library 100. The tape library 100 includes at least one library controller module 110, including a processor 112 which is coupled to a memory medium 114, and one or more cartridge drive controllers 120, which are coupled to (or contained within) a plurality of cartridge drives 130a, 130b via one or more interface buses, such as a small computer system interface (SCSI) bus. The library controller 110 is coupled to the cartridge drive controllers 120 via one or more interface buses such as, e.g., an RS422 bus or an inter-integrated circuit (I2C) bus. It is noted that the library controller 110 can be embodied as a separate component (as shown), or can be co-located with one or more of the drive controllers 120, or within a separate host computer 150.

The library controller 110 may be implemented as a software module that runs on a general purpose processing unit of the tape library, or as a special-purpose chipset. In some embodiments, library controller 110 may include a processor 112, a memory module 114 and an input/output (I/O) interface 118. Memory module 114 may include an access control module 116, the operation of which is discussed in greater detail below.

In some embodiments the host computer 150 may be connected to the drive controllers and the library controller by another bus. By way of example, the host computer 150 may be connected to the library and drives using SCSI and the library may be connected to the drives using RS422.

The cartridge drive controllers 120 coordinate data transfer to and from the one or more cartridge drives 130a-130b. Cartridge drive controllers 120a and 120b have respective processors 128a and 128b and respective memories 124a and 124b. Processors 128a, 128b may be implemented as general purpose processors that may be configured to execute logic instructions in the respective memories 124a, 124b, or as special purpose processors adapted to implement logic instructions embodied as firmware, or as ASICs. The memories 124a and 124b may be implemented as battery-backed, non-volatile RAMs (NVRAMs). Although only two controllers 120a and 120b are shown and discussed generally herein, aspects of this invention can be extended to other multi-controller configurations where more than two controllers are employed. Further, drive controllers 120 may include access control modules 126, which implement logic to manage access to data on one or more cartridges 132 managed by the system 100.

In some embodiments, tape library 100 may be coupled to a management component 170. Management component 170 may be embodied as an integrated computing device such as, e.g., a blade server implemented on a printed circuit board (PCB) that couples to an expansion slot in tape library 100. Alternatively, management component 170 may be embodied as a stand-alone computing device such as, e.g., a server, coupled to tape library 100 via a communication link, such that management component 170 may be coupled to multiple tape libraries 100.

Management component 170 includes a processor 172, a memory module 174, and an I/O interface 178. Processor 172 may be embodied as a general purpose computer processor. As used herein, the term “processor” means any type of computational element, such as but not limited to, a microprocessor, a microcontroller, a complex instruction set computing (CISC) microprocessor, a reduced instruction set (RISC) microprocessor, a very long instruction word (VLIW) microprocessor, or any other type of processor or processing circuit. Memory 174 may include random access memory (RAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), and the like. Memory 174 may include an operating system to manage operations of management component 170. Operating system 140 may be embodied as a UNIX operating system or any derivative thereof (e.g., Linux, Solaris, etc.) or as a Windows® brand operating system, or other operating systems. The operating system may include (or manage) one or more communication interfaces such as I/O interface 178 to transceive data packets and/or data streams from a remote source. The I/O interface 178 may include a parallel port (e.g., a small computer system interface (SCSI) port), a serial port (e.g., an RS-232C or an RS-422 port) or other type of known or future developed data communication port.

In some embodiments management component 170 includes a removable non-volatile memory component (RNMC) 182 coupled via a socket 180, which provides a conductive connection between the RNMC 182 and other components of the management component 170. The RNMC 182 may store operational data associated with the tape library 100. For example, during a cartridge request and load, process errors may occur. Such errors may include mechanical failures, for example a loading device may malfunction, or software errors. When an error occurs, information for recovery of the tape library 100 is stored to the RNMC 182. As an example, data stored to the RNMC 182 may comprise information describing the position of the various mechanical components (e.g., movable cartridge access device) at the point of failure of the load process. Further, the RNMC 182 can store software and firmware capable of operating or managing the tape library 100 and its sub-components. Further, as described below, the RNMC 182 may store access control management data for the tape library 100.

FIG. 2 is a schematic illustration of an embodiment of a management component, such as management component 170 depicted in FIG. 1. Referring to FIG. 2, management component 170 of FIG. 1 may be mounted on a circuit board 205. Management component module 170 comprises one or more system processing elements 210, such as a digital signal processor (DSP) or a central processing unit (CPU) that communicates with other elements within the management component 170 via a local interface 202, which can include one or more buses.

Management component 170 may further comprise read-only memory (ROM) 230 and random access memory (RAM) 240. The ROM 230 preferably stores a basic input/output system (BIOS) 232, which enables the management component module 244 to become operable without accessing additional software or firmware. The operation and functionality of BIOS 232 is discussed further below.

Circuit board 205 further comprises a communication interface 220, which in turn comprises one or more ports 222, 224. One of the ports 222 may be utilized to exchange data with the host computer 150. The other port 224 may be used to access information related to a cartridge drive 130a, 130b in tape library 100.

As described above, in some embodiments the management component 170 may be implemented as an integral component of tape library 100. In other embodiments the management component 170 may be integrated as a separate computing device which may be located remote from the storage device and connected to the tape library 100 via a communication network. Further, management component 170 may be coupled to multiple tape libraries which may be co-located in a single facility or may be geographically remote.

As shown by FIG. 2, in some embodiments each of the components of the management component module 244 may reside on a single printed circuit board (PCB) 205. However, in other embodiments, the management component 170 components may reside on multiple PCBs and/or be interconnected via other types of known or future-developed devices. The PCB 205 can interface with the tape library 100 via an expansion slot, as a daughterboard or as a controller board or via a communication link.

In some embodiments the PCB 205 comprises a socket 180 to which the RNMC 182 is coupled. RNMC 182 may be implemented as compact flash memory, and the socket 180 residing on the PCB 205 may comprise smart media card connectors, compact flash card connectors, secure digital card connectors, multi media card connectors, memory stick card connectors, or other known or future-developed chip interfaces that enable insertion and removal of the RNMC 182.

In some embodiments RNMC 182 stores operational data, including, but not limited to error logs 252, system component information 254, and copies of software and/or firmware for various components and/or sub-components of the system.

When an event such as, e.g., a read or write, load/unload, retry or error occurs during operation of the tape library 100, a management interface 134 in cartridge drive 132 detects the event and generates a signal in response to the event. Further, the management interface 134 may write, to the error logs 252 in the RNMC 182, textual or symbolic data indicative of the detected error. In addition, as normal operational events occur, for example when a cartridge is retrieved from the tape library 100 or the cartridge drive 130 or when a read or write begins to a cartridge loaded into the cartridge drive 130, the management interface 134 may write, to the operational history 250, textual or symbolic data indicative of normal events that occur during operation.

A management component module 244 may be configured to periodically perform tests on the tape library 100 and store results of the tests in the RNMC 182. Similarly, the management component module 244 may periodically perform a hardware inventory of the cartridge library 100 to determine if new hardware has been added. If the management component module 244 performs an inventory and discovers new hardware components, then the management component module 244 may download to the system component information 254 of the RNMC 182, data indicative of the new hardware components. Note that the system component information 254 may also comprise serial numbers, warranty information, or maintenance information related to various components of the RNMC 182.

The management component module 244 may use the data in the RNMC 182 to determine at what point during a process an error occurred. For example, the operational history 250 may indicate that a cartridge 132 was retrieved upon request, but the error logs 252 may indicate that the cartridge 132 was not loaded into the cartridge drive 130. Therefore, to initiate recovery, the manager logic 100 may retrieve the error log information representing the failed event and, based on this information, determine that the first step in the recovery process is to return the cartridge 132 to a storage rack. Thereafter, the cartridge library can operate as normal, waiting for a request for a cartridge 132.

When power is provided to the PCB 205, the BIOS 232 executes at power-up. When the management component module 244 is implemented in software, the logic instructions comprising the management component module 244 may be stored in the RAM 240. Alternatively, the logic instructions comprising the management component module 244 may be stored in the RNMC 182, and the BIOS 232 may be configured to retrieve the logic instructions from the RNMC 182 and write the logic instructions into RAM 93 at power-up. The logic instructions may then be executed by the processing element 210. In addition, other software and/or firmware stored on the RNMC 182 for operating other components of the cartridge library 100 can be loaded and executed.

In some embodiments, a computing device such as, e.g., a computer (not specifically shown) or some other data communication device may be connected to one of the ports 222 of communication interface 220. This computer may be configured with a utility or a graphical user interface (GUI) that enables a user of the laptop to access the data stored on the RNMC 182. For example, a user could copy software and/or firmware revisions for the hardware components of the cartridge library to the RNMC 182, thereby non-invasively updating the software and/or firmware. Note that software and/or firmware upgrades could also be performed by removing the RNMC 182 from the printed circuit board 205, copying software and/or firmware upgrades to the RNMC 182 while the RNMC 182 is detached from the circuit board 205, and reinserting the RNMC 182 into the circuit board 205. The ports 222 can be configured to communicate via RS-232, RS-422, Ethernet, or any other known or future-developed protocols.

Operations for access control management in a cartridge library will be explained with reference to FIGS. 3-5. FIG. 3 is a flowchart illustrating operations in an embodiment of a method for obtaining access control parameters. Referring to FIG. 3, at operation 305 at least one access control parameter is received in access control module 242. In some embodiments an administrator or other authorized user of the cartridge library 100 may input at least one access control parameter to the access control module 242. For example, an administrator may establish a connection with access control module 242 via the communication interface 220 on circuit board 205 to interact with a user interface established by access control module 242.

In some embodiments the at least one access control parameter may identify at least one of a user, a server, a command, or a time. As used herein, the term “user” may correspond to a human user of cartridge library 100, a computer such as, e.g., a host computer 150, or a combination thereof. An access control parameter may also identify a specific resource managed by cartridge library 100. For example, an administrator may enter a set of access control parameters that authorizes a specific user of cartridge library 100 specific command rights over specific storage resources during specific periods of time. Similarly, an administrator may enter a set of access commands that limit a user's ability to perform at least one command on at least one resource of the cartridge library during at least one time period.

At operation 310 the access control parameter input is verified. In some embodiments the access control module 242 performs at least one test on the access data. For example, access control module 242 may perform a test to ensure that the administrator entering the data has appropriate administrative rights to enter the access control parameters. Further, access control module 242 may verify that the resource identified in an access control parameter is a valid resource in the cartridge library 100. For example, an access control parameter may identify a cartridge identifier associated with a specific cartridge or a Logical Unit Number (LUN) associated with a specific segment of storage. Access control module 242 may verify that the specific resource identified in the access control parameters is valid within cartridge library 100.

In some embodiments, after the access control parameters are verified, they are sent to the drive controller(s) 120 (operation 315) which, in operation 320, store the access control parameters. For example, the access control module 126 of drive controller(s) 120 may include logic to manage one or more data tables that store access control parameters for cartridge library 100. The data tables may be stored in the memory module 124 of drive controller 120 or in a magnetic or optical storage medium coupled to drive controller 120.

FIG. 4 is a schematic illustration of one embodiment of a data table 400 for storing access control parameters. Referring to FIG. 4, in some embodiments, data table 400 may store access control parameters as a series of records that include, for example, a world wide name 410, a user identifier 415, a LUN identifier 420, a command identifier 425, a day 430, a start time 435, and a stop time 440. Thus, for example, an administrator may specify that a particular user and/or host server is authorized to execute a read command on a specific LUN between 12:00 and 4:00 on Sunday, and between 2:00 AM and 11:00 PM on a Monday and Tuesday, and so forth. Similarly, the administrator may authorize specific times and dates for write commands, copy commands, and other commands possible in the cartridge library 100. Access control module 126 may organize and store the access control parameters in a suitable data file such as, e.g., a database file.

Referring back to FIG. 3, in some embodiments the access control parameters may be stored (operation 325) in association with the management component 170 in lieu of, or in addition to, the drive controller memory 124. For example, an access control module 242 may be encoded as logic instructions stored in RAM 240 (or in RNMC 182). Access control module 242 may receive and verify the access control parameters entered by an administrator and may store the parameters in a memory module such as RAM 240, RNMC 182, or in a memory store coupled to access control module 242. In virtual tape library (VTL) instantiations, the drive may be emulated in software.

Similarly, in some embodiments the access control parameters may be stored in association with a library controller 110 in lieu of, or in addition to, the drive controller memory 124. For example, at operation 330 the library controller may transmit the access control parameters to a drive controller, and at operation 335 the library controller may store the access control parameters.

In some embodiments, logic operational in one or more of the controllers may use the data table depicted in FIG. 4 to manage access to the resources of cartridge library 100 in response to requests from host computers such as host computer 150 for one or more resources managed by the cartridge library 100. FIG. 5 is a flowchart illustrating operations in an embodiment of a method of access control management. In one embodiment, the operations of FIG. 5 may be implemented by the access control module 126 associated with the drive controller(s) 120 in the cartridge library. In alternate embodiments, the operations of FIG. 5 may be implemented by the library controller 110, alone or in combination with the drive controller(s) 120.

Referring to FIG. 5, at operation 510 a resource access request is received. For example, a user may originate a resource access request from a computer such as, e.g., host computer 150, which is received in a drive controller. At operation 515 it is determined whether the access request is permissible. In some embodiments, when the access request is received in the drive controller 120, the access control module 126 parses the access request to obtain a user identifier and/or a host server identifier associated with the service request. The access control module 126 then searches the data tables using the identifier(s) extracted from the service request for a matching record(s). If no record is located, then control passes to operation 520 and an error routine is invoked. The error routine may include generating a message which indicates that the user and/or computer which generated the service request is not authorized to access resources managed by cartridge library 100. Further, the error routine may include entering the access request into a log such as, e.g., the error log 252 depicted in FIG. 2.

By contrast, if at least one matching record is located in the data tables, then the access request is compared to the information in the matching record(s) to determine whether the access request is consistent with the access rights defined in the table. For example, the command associated with the access request may be extracted from the service request, and the data table may be searched to determine whether the requester has rights to execute the service request. Further, the time at which the access request was received (or generated) may be determined by obtaining a time stamp associated with the request. The time stamp may be compared with the allowable time references in the data table for the command.

If the information in the data table 400 indicates that the access request is impermissible, then control passes to operation 520 and an error routine is invoked. The error routine may include generating a message which indicates that the user and/or computer generated an unauthorized access request for resources managed by cartridge library 100. Further, the error routine may include entering the access request into a log such as, e.g., the error log 252 depicted in FIG. 2.

If, at operation 515, the access request is permissible, then control passes to operation 530 and the drive controller(s) execute the resource request. If, at operation 535, the resource request is successfully executed, then the data from the resource request is returned to the requestor (operation 540). The data may include data resulting from a read operation and/or an acknowledgment indicating the status of a read, write, or copy operation.

By contrast, if the resource request is not successfully executed, then control passes to operation 545 and an error routine is invoked. The error routine may include generating a message which indicates that the access request for resources managed by cartridge library 100 was unsuccessful. Further, the error routine may include entering the access request into a log such as, e.g., the error log 252 depicted in FIG. 2.

FIG. 6 is a schematic illustration of an embodiment of a cartridge library 100. Many components of the cartridge library 100 depicted in FIG. 6 are the same as the corresponding components depicted in the cartridge library of FIG. 1. Components identified by reference numerals in FIG. 6 which have corresponding reference numerals in FIG. 1 may be presumed to be the same components. In the interests of brevity and clarity, analogous components will not be described again.

In the embodiment depicted in FIG. 6 an interface controller 190 is disposed in the communication path between cartridge library 100 and host computer 150. Interface controller 190 may be integrated within cartridge library 100, e.g., as a component implemented on a circuit board and connectable to cartridge library 100 by a suitable connection interface. Alternatively, interface controller 190 may be a separate, stand-alone component connectable to cartridge library 100 by an external connection interface. Moreover, interface controller 190 may be coupled to multiple cartridge libraries 100.

Interface controller 190 comprises a processor 192, an access control module 194, and an input/output (I/O) interface 196. In operation, I/O requests from host computer 150 are passed to interface controller 190. The input-output interface 196 receives I/O requests from the host computer and invokes logic operational on processor 192 in order to process the I/O requests, which may then be submitted to the library controller 110, or directly to one or more of the drive controllers 120.

In the embodiment depicted in FIG. 6, an access control module 194 resides in the interface controller 190. The access control module 194 operates substantially in accordance with the access control modules 116 and 126 described with reference to FIG. 1. More particularly, the access control module 194 utilizes the access control parameters stored in the data table 400 depicted in FIG. 4 to implement a rule-based access policy for input-output requests from a host computer 150. In one embodiment, access control module 194 may implement operations analogous to those described with reference to FIG. 5. However, in the embodiment depicted in FIG. 6, the operations described with reference to FIG. 5 would be executed in the interface controller 190.

Thus, at operation 510 a resource access request for at least one resource of the cartridge library 100 is received in the interface controller 190. For example, the resource requested may correspond to an input-output request from a host computer 154 for data managed by cartridge library 100.

At operation 515, it is determined whether the access request is permissible. As described above, in some embodiments, when the access request is received in the interface controller 190, the access control module 194 parses the access request to obtain a user identifier and/or a host server identifier associated with the service request. The access control module 194 then searches the data table(s) 400 using the identifier(s) extracted from the service request for a matching record(s). If no record is located, then control passes to operation 520 and an error routine is invoked. The error routine may include generating a message which indicates that the user and/or computer which generated the service request is not authorized to access resources managed by cartridge library 100. Further, the error routine may include entering the access request into a log such as, e.g., the error log 252 depicted in FIG. 2.

By contrast, if at least one matching record is located in the data tables, then the access request is compared to the information in the matching record(s) to determine whether the access request is consistent with the access rights defined in the table. For example, the command associated with the access request may be extracted from the service request, and the data table may be searched to determine whether the requester has rights to execute the service request. Further, the time at which the access request was received (or generated) may be determined by obtaining a time stamp associated with the request. The time stamp may be compared with the allowable time references in the data table for the command.

If the information in the data table 400 indicates that the access request is impermissible, then control passes to operation 520 and an error routine is invoked. The error routine may include generating a message which indicates that the user and/or computer generated an unauthorized access request for resources managed by cartridge library 100. Further, the error routine may include entering the access request into a log such as, e.g., the error log 252 depicted in FIG. 2.

If, at operation 515, the access request is permissible, then control passes to operation 530 and the request is forwarded to the drive controller 120 for execution. If, at operation 535, the resource request is successfully executed, then the data from the resource request is returned to the requestor (operation 540). The data may include data resulting from a read operation and/or an acknowledgment indicating the status of a read, write, or copy operation.

By contrast, if the resource request is not successfully executed, then control passes to operation 545 and an error routine is invoked. The error routine may include generating a message which indicates that the access request for resources managed by cartridge library 100 was unsuccessful. Further, the error routine may include entering the access request into a log such as, e.g., the error log 252 depicted in FIG. 2. In some embodiments, operations 520 and 530 through 545 may be implemented by a device other than the interface controller. For example, the operations may be implemented by the drive controller alone or in combination with the library controller.
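The permissibility decision of operation 515, as described above for both the drive controller and the interface controller, can be sketched as follows. This is an added example, not code from the patent: the record layout follows the fields of data table 400, while the sample identifiers, the requirement that both the world wide name and the user identifier match, the half-open time window, and the use of the controller's own receive time are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time

DAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")  # datetime.weekday() order


@dataclass(frozen=True)
class Record:
    """One row of data table 400 (FIG. 4); comments give the reference numerals."""
    wwn: str       # world wide name 410
    user: str      # user identifier 415
    lun: int       # LUN identifier 420
    command: str   # command identifier 425
    day: str       # day 430
    start: time    # start time 435
    stop: time     # stop time 440


# Constructed sample table: the WWN, user name and windows are made up.
WWN = "50:01:43:80:12:34:56:78"
TABLE = [
    Record(WWN, "backup_op", 3, "READ", "Mon", time(2, 0), time(23, 0)),
    Record(WWN, "backup_op", 3, "READ", "Tue", time(2, 0), time(23, 0)),
    Record(WWN, "backup_op", 3, "WRITE", "Mon", time(2, 0), time(4, 0)),
]


def check_access(table, req, received_at, error_log):
    """Operation 515. Returns (True, "permitted") or (False, reason).

    `received_at` is the controller's own receive time (assumption: a
    host-supplied time stamp is not trusted for the window check).
    """
    def deny(reason):
        # Operation 520: enter the refused request into the error log.
        error_log.append({"request": dict(req),
                          "at": received_at.isoformat(),
                          "reason": reason})
        return False, reason

    # Records for this requester. Assumption: both identifiers must match.
    mine = [r for r in table if r.wwn == req["wwn"] and r.user == req["user"]]
    if not mine:
        return deny("no record for requester")

    # Rights to execute this command on this resource.
    granted = [r for r in mine
               if r.lun == req["lun"] and r.command == req["command"]]
    if not granted:
        return deny("command not granted on resource")

    # Time stamp against the allowed day and window, half-open [start, stop).
    day, now = DAYS[received_at.weekday()], received_at.time()
    if any(r.day == day and r.start <= now < r.stop for r in granted):
        return True, "permitted"
    return deny("outside permitted time window")
```

A window that crosses midnight has to be entered as two records, one per day, because each record carries a single day field.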

The embodiment of cartridge library 100 depicted in FIG. 6 implements a method of storing access control parameters that is a slight variation on the method depicted in FIG. 3. FIG. 7 is a flowchart illustrating operations in an embodiment of a method for obtaining access control parameters that may be used with the embodiment of cartridge library 100 depicted in FIG. 6.

Referring to FIG. 7, at operation 705 at least one access control parameter is received in management component 170. In some embodiments an administrator or other authorized user of the cartridge library 100 may input at least one access control parameter to the user interface 176 of management component 170. For example, as described above, an administrator may establish a connection with access control module 242 via the communication interface 220 on circuit board 205 to interact with a user interface established by access control module 242.

In some embodiments the at least one access control parameter may identify at least one of a user, a server, a command, or a time. As used herein, the term “user” may correspond to a human user of cartridge library 100, a computer such as, e.g., a host computer 150, or a combination thereof. An access control parameter may also identify a specific resource managed by cartridge library 100. For example, an administrator may enter a set of access control parameters that authorizes a specific user of cartridge library 100 specific command rights over specific storage resources during specific periods of time. Similarly, an administrator may enter a set of access commands that limit a user's ability to perform at least one command on at least one resource of the cartridge library during at least one time period.

At operation 710 the access control parameter input is verified. In some embodiments the access control module 242 performs at least one test on the access data. For example, access control module 242 may perform a test to ensure that the administrator entering the data has appropriate administrative rights to enter the access control parameters. Further, access control module 242 may verify that the resource identified in an access control parameter is a valid resource in the cartridge library 100. For example, an access control parameter may identify a cartridge identifier associated with a specific cartridge or a Logical Unit Number (LUN) associated with a specific segment of storage. Access control module 242 may verify that the specific resource identified in the access control parameters is valid within cartridge library 100.

In some embodiments, after the access control parameters are verified, they are sent to the interface controller 190 (operation 715) which, in operation 720, stores the access control parameters. For example, the access control module 194 of interface controller 190 may include logic to manage one or more data tables 400 that store access control parameters for cartridge library 100. The data tables may be stored in the memory module 198 of interface controller 190 or in a magnetic or optical storage medium coupled to interface controller 190.
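The verify-then-store sequence of FIG. 3 (operations 310 through 320) and FIG. 7 (operations 710 through 720) can be sketched as below. This is an added example, not code from the patent: the account name, inventory, command set, and the extra command and time-window checks are assumptions, and the controller tables are plain lists standing in for the controllers' memory modules.

```python
from datetime import time

# Constructed inventory and accounts; none of these values come from the patent.
ADMINS = {"lib_admin"}
INVENTORY = {"lun": {0, 1, 2, 3}, "cartridge": {"A00001L4"}}
COMMANDS = {"READ", "WRITE", "COPY"}


def verify_parameters(submitter, params):
    """Operation 310 / 710: return a list of problems; empty means verified."""
    problems = []
    # Test 1 (from the description): submitter holds administrative rights.
    if submitter not in ADMINS:
        problems.append("submitter lacks administrative rights")
    # Test 2 (from the description): the named resource exists in the library.
    # An unknown resource kind has no inventory and therefore fails as well.
    kind, ident = params.get("resource", (None, None))
    if ident not in INVENTORY.get(kind, set()):
        problems.append("unknown resource")
    # Added sanity checks (assumptions, not named in the description).
    if params.get("command") not in COMMANDS:
        problems.append("unknown command")
    start, stop = params.get("start"), params.get("stop")
    if not (isinstance(start, time) and isinstance(stop, time) and start < stop):
        problems.append("empty or inverted time window")
    return problems


def submit(submitter, params, controller_tables):
    """Operations 315-320 / 715-720: store only verified parameters.

    Either every controller table receives the record or none does, so a
    rejected submission never leaves a partial policy behind.
    """
    problems = verify_parameters(submitter, params)
    if problems:
        return problems
    for table in controller_tables:
        table.append(dict(params))
    return []
```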

Operations 725 through 745 are optional, and therefore indicated by dashed lines. At operation 725, the management component may store the access control parameters in a memory module coupled to the management component. For example, referring to FIG. 6, the management component 170 may store the access control parameters in a memory module such as the removable nonvolatile memory component 182. At operation 730 the management component may transmit the access control parameters to the library controller 110, which at operation 735 may store the access control parameters in a memory module, such as, for example, the memory modules 114. At operation 740 the management component may transmit the access control parameters to one or more of the drive controllers 120, which at operation 745 may store the access control parameters in a memory module, such as, for example, the memory modules 124. Thus, the access control parameter data table 400 depicted in FIG. 4 may be stored in one or more memory locations associated with the library 100.

Thus, the operations of FIGS. 3, 5, and 7 permit a cartridge library 100 to manage access control for resources managed by a cartridge library. Access control requests may be managed in one or more of an interface controller 190, a library controller 110, or a management component 170. These operations may be implemented as logic instructions stored in a computer-readable medium such as a memory module. However, in other embodiments the logic may be implemented in hardware or a combination of hardware and software. The logic instructions can be stored on any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch and execute instructions. In the context of this document, a computer-readable medium can be any means that can contain or store a program for use by or in connection with the instruction execution system, apparatus, or device. The computer-readable medium can be, for example but not limited to, an electronic, magnetic, or optical system, apparatus, device, etc. Note that the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.

Although the described arrangements and procedures have been described in language specific to structural features and/or methodological operations, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or operations described. Rather, the specific features and operations are disclosed as preferred forms of implementing the claimed present subject matter.

Reference in the specification to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least an implementation. The appearances of the phrase “in one embodiment” in various places in the specification are not necessarily all referring to the same embodiment.

Thus, although embodiments have been described in language specific to structural features and/or methodological acts, it is to be understood that claimed subject matter may not be limited to the specific features or acts described. Rather, the specific features and acts are disclosed as sample forms of implementing the claimed subject matter.